# sid:2010901 rev:7 -- retired. The msg carries the "ET DELETED" tag and the
# leading '#' keeps the rule disabled, so it raises no alerts as shipped.
# Logic: outbound GET whose normalized URI (pcre /U) ends in
# /<one letter>Setup_<four digits>.exe and that has no Referer header.
# The pcre is anchored with '$', so a URI with a trailing query string or any
# other suffix after ".exe" does not match.
# "Setup_" is the fast_pattern; ".exe" must follow it in the URI (distance:0).
# NOTE(review): "GET " (depth:4) and the negated Referer match have no http_*
# modifier, so they are checked against the raw payload rather than a parsed
# HTTP buffer -- confirm that is intended before re-enabling.
# NOTE(review): a missing Referer plus a generic installer name is a weak
# signal (the msg itself says "Potential ... ?"); expect hits on direct
# downloads of benign installers with the same naming shape.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET "; nocase; depth:4; content:"Setup_"; fast_pattern; nocase; http_uri; content:".exe"; distance:0; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010901; classtype:trojan-activity; sid:2010901; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:03 UTC


# sid:2010901 rev:7 -- retired ("ET DELETED" in msg, rule line commented out).
# Detection options match the 2017 entry on this page; only the trailing
# metadata keyword is absent here.
# Matches an outbound GET for /<one letter>Setup_<four digits>.exe (end of URI,
# case-insensitive) sent without a Referer header.
# NOTE(review): the "GET " and negated Referer contents carry no http_*
# modifier and are therefore evaluated on the raw payload -- confirm before
# re-enabling.
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET "; nocase; depth:4; content:"Setup_"; fast_pattern; nocase; http_uri; content:".exe"; distance:0; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010901; classtype:trojan-activity; sid:2010901; rev:7;)

Added 2014-09-12 16:28:26 UTC


# sid:2010901 rev:5 -- active (no leading '#'), category CURRENT_EVENTS.
# Every content match is bound to a parsed HTTP buffer: http_method for "GET",
# http_uri for "Setup_" and ".exe", http_header for the negated Referer.
# The two http_uri contents have no distance/within, so their order is enforced
# only by the anchored pcre (/<letter>Setup_<four digits>.exe at end of URI).
# NOTE(review): the negated pattern begins with |0d 0a|. If the header buffer
# starts at the first header line, a Referer sent as the very first header has
# no preceding CRLF in that buffer and the negation would still hold -- verify
# against the engine in use.
# NOTE(review): low-confidence heuristic ("Potential ... ?"); a direct download
# of a benign installer with this naming shape would also alert.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010901; classtype:trojan-activity; sid:2010901; rev:5;)

Added 2011-10-12 19:30:51 UTC


# sid:2010901 rev:5 -- active. Same detection options as the 2011-10-12 entry
# on this page; only the position of classtype relative to the reference
# keywords differs, while rev stays at 5.
# Matches an outbound GET (http_method) whose URI ends in
# /<one letter>Setup_<four digits>.exe and whose headers lack "Referer: ".
# NOTE(review): the negated Referer pattern starts with |0d 0a|; a Referer that
# is the first header may not be preceded by CRLF inside the header buffer --
# verify against the engine in use.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,doc.emergingthreats.net/2010901; sid:2010901; rev:5;)

Added 2011-09-14 22:44:00 UTC


# sid:2010901 rev:5 -- active. First entry on this page that uses the
# http_method / http_uri / http_header modifiers instead of uricontent and
# raw-payload matches; it also still lists the cvsweb reference URL.
# Matches an outbound GET whose URI ends in /<one letter>Setup_<four digits>.exe
# (pcre /U, case-insensitive, anchored with '$') and whose headers lack
# "Referer: ".
# NOTE(review): the negated Referer pattern starts with |0d 0a|; a Referer that
# is the first header may not be preceded by CRLF inside the header buffer --
# verify against the engine in use.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET"; nocase; http_method; content:"Setup_"; nocase; http_uri; content:".exe"; nocase; http_uri; content:!"|0d 0a|Referer|3a| "; nocase; http_header; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; reference:url,doc.emergingthreats.net/2010901; sid:2010901; rev:5;)

Added 2011-02-04 17:30:35 UTC


# sid:2010901 rev:3 -- active. Older keyword style: uricontent for "Setup_" and
# ".exe", and raw-payload content matches for "GET " (first 4 bytes) and for
# the negated "\r\nReferer: " string.
# The pcre requires exactly four digits ({4}) between "Setup_" and ".exe" and
# is anchored to the end of the normalized URI.
# NOTE(review): the Referer check has no buffer modifier, so it is evaluated on
# the raw payload -- presumably any occurrence of "\r\nReferer: " in the
# inspected data suppresses the alert; confirm inspection depth.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; reference:url,doc.emergingthreats.net/2010901; sid:2010901; rev:3;)

Added 2010-03-15 23:30:45 UTC


# sid:2010901 rev:3 -- active. Identical text and timestamp to the other rev:3
# entry on this page (duplicate history record).
# Matches an outbound request starting with "GET " whose URI ends in
# /<one letter>Setup_<four digits>.exe and whose raw payload lacks
# "\r\nReferer: ".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/[A-Z]Setup_[0-9]{4}\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; reference:url,doc.emergingthreats.net/2010901; sid:2010901; rev:3;)

Added 2010-03-15 23:30:45 UTC


# sid:2010901 rev:2 -- earliest revision on this page; superseded by rev:3.
# Content options are the same as rev:3; the only difference is the pcre
# quantifier, written here as {,4} instead of {4}.
# NOTE(review): classic PCRE does not accept a quantifier without a lower
# bound and reads "{,4}" as four literal characters. Under that reading this
# revision needs a URI like /ASetup_1{,4}.exe and would miss the
# ASetup_2009.exe download named in the msg -- a silent false negative, not a
# load error. Do not reuse this revision; confirm against the engine's PCRE
# version if it must be reproduced.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Potential FakeAV? download ASetup_2009.exe variant"; flow:established,to_server; content:"GET "; nocase; depth:4; uricontent:"Setup_"; nocase; uricontent:".exe"; nocase; content:!"|0d 0a|Referer\: "; nocase; pcre:"/\/[A-Z]Setup_[0-9]{,4}\.exe$/Ui"; classtype:trojan-activity; reference:url,www.prevx.com/avgraph/1/AVG.html; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Fakeav_Setup_dl; reference:url,doc.emergingthreats.net/2010901; sid:2010901; rev:2;)

Added 2010-03-08 23:15:50 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 